Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

An anonymous reader writes "A recent move by the University of Hawaii forcing all students and faculty to migrate their independent university email accounts to Google has raised serious questions, prompting one student to file a complaint with the U.S. Department of Education, with senior faculty questioning both the implementation and scope of this partnership." One of the stranger notes: a clause, defended as standard, naming Google a "school official" of the university.

If my Community College can get away with forcing (it is actually required you use it) all students and faculty to use Hotmail, which works properly on precisely zero of my three main computers, I don't see how Gmail warrants a shitfit for any reason other than some MS bribery.

That makes me think of all the people who hear complaints about Linux and respond with "Oh, that was last year, have you tried it recently?"

Except it's closer to a decade, instead of a year. If you're gonna complain, at least try to be on a current variant. That's four major versions ago. Would you bitch Linux due to issues with the 1.x kernel?

In 2006, Exchange 2003 was the current variant (2007 was released at the end of that year). I know, I know - the college really should have taken a time machine into the future rather than requiring OWA in spite of more than 85% of the students have college-issued laptops with Outlook installed on them (and were on the domain to boot). I'm talking about when I was in college, not now. Thus the use of past tense and pointing it occurred before Chrome was ever released.

WTF is this about? My university provides Exchange accounts for staff and faculty (default Outlook or OWA), and branded Gmail for students. But both types of account are accessible over IMAP with Thunderbird or the client of your choice. Yes, I know most users are unaware nowadays that there are such things as email clients besides Outlook, but unless the IT service is actually blocking or banning IMAP, I don't see what it matters what the backend hosting arrangements are. Much:-)

And while we're at it, what does "independent university email accounts" mean? Is that all those separate unauthorized departmental accounts running on little servers in the corner of the lab or behind the reception desk in each department, created by some enterprising grad student because central IT took too long to create accounts, or because the users wanted accounts with a particular hostname in the remote-part?

Considering the kid made the typical anti-google statements, I would tend to agree.

"Fread has filed a complaint with the federal Department of Education, saying, “They’re [UH] absolutely ignoring Google’s abysmal record with privacy.”

That's word for word, isn't it. quoted from fox news: Yep [eweek.com] "Steve Pociask, president of the American Consumer Institute Center for Citizen Research, wrote on FoxNews.com that "[Google's] abysmal track record on privacy "Or here's one for facebook: http:/ [blogspot.com]

1) What does being a former marine have to do with privacy laws?2) What does being a former superintendent for federal contracting projects have to do with privacy laws?3) How do you know he is quite well versed in privacy laws?

Sounds to me like you're substituting an ad hominem with two unjustified appeals to authority and an unsupported statement of fact.

It's not good to show up to a battle of wits with nothing but wet blanks.

How are we supposed to know who the hell this kid is? why should we even given a shit? That's not ad-hom, it's just that his opinion is about as valid as Florian Mueller's and we all know how that goes.

As also noted:

1) What does being a former marine have to do with privacy laws?2) What does being a former superintendent for federal contracting projects have to do with privacy laws?3) How do you know he is quite well versed in privacy laws?

please save the republican agenda shit for people as stupid as yourself.

The rest of us know how to not support multinationals or at least make conscious decisions which ones we choose to support (google, whole foods, pirate party) and which we don't (microsoft, cisco, cargill, monsanto, intel, samsung, apple, att, tmobile, facebook, pinterest), and those which you have no choice if you deem a product essential. You'll never hear me support anyone other than the pirate party, but sure man, go ahead and delu

Google's Street view project used Netstumbler, which is an application you can download whenever you like and is available for free. This application listens in on the wifi radio, and records what it finds, it allows you to discover networks, even when they are not broadcasting. In the process of this, it is possible that traffic of what people were doing (that they were doing unencrypted, in the clear, over easily listened to wifi) were recorded. When Google realized th

how many times do we need the exact same anon to defend this dipshit with his statements? this is comedy the amount of effort someone is making to stay anon. Why don't you really post as registered if you expect people to value the shit you say.

Whether it works or not is a small issue. The big issue is Colleges use to have a rep for standing up for their student body's rights. e.g. no access to e-mail/log records with out a warrant and not without notifying the individual in question (National Security issues not withstanding). A company is not going to fight as fervently for its students right to information/privacy as a company will. The school's future admission numbers will reflect a bad move in this department. A company is beholden to no

None of this fake electronic imitation mail, we had real mail, delivered into actual boxes! If you wanted to use electronic mail, punch cards would fit in them, but really only for freshman projects; upperclass projects usually needed more than the hundred or so cards you could fit into a dorm mailbox, though if your department gave you a mailbox in the classroom buildings, you could usually fit one or two 2000-card boxes in them, plus a printout or two.

I was thinking about this the other night. I like Gmail, but I don't really like it's interface. I don't want to install a client on every machine I use to access my email. Is there a website/service that acts like an email client that has a customizable (or at least better) interface?

You couldn't manage with 2 gigs? WTF are you doing? Let me guess, you're one of those who saves the email with the attachment rather than saving the attachment and deleting the email.

I tell people where I work, you have your email quota (set by another agency) and you get 1 pst file of 2 gigs. If you can't manage your email with that amount space, you're doing something wrong.

When they follow my suggestion, it's amazing how much space they suddenly have.

And before those of you start whining about how space is cheap, it costs about 1 penny per email per person per day to maintain. That's storage space, manpower to manage the space, backups and electricity to keep everything running. Multiply out the potentially millions of emails in an organization by that cost and you'll see why deleting emails and saving the attachment is the correct path.

NetApp and EMC sell storage for about 40x (yes forty times) what youy can buy it for at Fry's, before mirroring, backups, etc. That's almost the entire reason for email quotas. Storage really is really cheap - as long as it doesn't come in a big box.

It boggles my mind that Google has been lauging all the way to the bank on this issure for 10 years now, and as much as people try to copy Google in other areas, no one else even considers collections of commodity servers as a storage platforms (despite many o

It boggles my mind that Google has been lauging all the way to the bank on this issure for 10 years now, and as much as people try to copy Google in other areas, no one else even considers collections of commodity servers as a storage platforms (despite many open source glue solutions, even Google's own).

The problem is the "open source glue" solutions aren't very refined, have issues -- aren't production quality.

Google's system is not open source, and they have obviously expended massive efforts to dev

I agree. College students email with term paper for hire attachments, and pirated songs and protest organization mail, and drunk shots of the girl in 301 West Tower, and the going rate for a dime bag are all valuable forensic data.

They're not that expensive. See my post in response to the GP. $0.01 per email per day equates to several dollars per GB per month. I have vendor quotes for disk and management (everything except electricity, rent, and AC - switches and cabling included) for orders of magnitude less than that. The only thing I can think is that he is dealing with much smaller volumes (i.e. less than 5-10 TB).

No I didnt, i jsut wanted to make it a bit absurd to bring out the nitpickers. Email storage is RETARDEDLY CHEAP considering the payload, dont skimp on it. Thats doesnt mean let the users abuse it, it means let the system evolve as things/costs change.

I work on 12 projects they will run a decade or longer. During the time there will be dozens of stake holders, plus legal requirements to maintain a history. 1 penny per email? are you stupid?First off, it's about size, not number of emails.Secondly, the cost per email goes down depending on how many emails you have, tapering off as you approach 0. Obviously you don't achieve zero.

You couldn't manage with 2 gigs? WTF are you doing? Let me guess, you're one of those who saves the email with the attachment rather than saving the attachment and deleting the email.

I keep almost all my email because sometimes you need the words written in the email (or the time stamp and record of who the attachment came from) just as much as the attachment. I wish I had 2 gigs, but as it is, after getting two expansions, my server quota is at about 300 MB. I can keep about 3 weeks of email in my server account and the rest has to be saved locally (which, honestly, is not that big a deal, though it does mean I need to have a backup solution for my laptop now).

We are at the mercy of Google now. When Google decides to roll out a new "feature," it is not as though we can choose not to use it. I thought that perhaps I could shield myself by using an email client, but guess what? When Google decided to start classifying some of my mail as "important," messages started disappearing from my inbox and appearing in a folder I had not subscribed to. It took me a few days to figure out what was happening, and to disable the "feature."

This was because you accepted the new settings when it was offered to you on screen and you clicked it away instead of reading. Next time tell the full story.

The full story includes nothing about "the screen," because Google cannot rewrite the email program that I use, which is claws-mail. I had not logged in to Gmail's web interface about several years when the change happened, and was basically forced to do so to stop Google from applying filters I did not create.

The full story includes nothing about "the screen," because Google cannot rewrite the email program that I use, which is claws-mail. I had not logged in to Gmail's web interface about several years when the change happened, and was basically forced to do so to stop Google from applying filters I did not create.

Gmail doesn't do that unless you logged in and accepted the offered changes.

My old university moved from forcing every student to use an email account hosted by the University to forcing every student to use an email account hosted by Google, with the same.university.ca domain.

It saved the University money and provided better service because the old mail system was crap.

Because in most cases, Google is mining all those accounts for data and showing ads. In some cases, students may be involved with research that includes confidential data. Google does not provide guarantees that they won't mine/archive or protect that data in accordance with laws/regulations surrounding that data.

HIPPA does not require that data be passed in encrypted form. It only requires that reasonable effort be made secure it. However, that can be patient data can be transmitted via internal email because it's all Exchange and therefore encrypted over the wire, then in most cases, HIPPA is satisfied.

Email Encryption still has long way to go before it's completely transparent to user.

If you're going to claim to know the implementation of a standard, it's usually best to actually know the standard. HIPAA (one P, two As) specifically states:

Covered entities must consider the use of encryption for transmitting EPHI, particularly
over the Internet. As business practices and technology change, situations may arise
where EPHI being transmitted from a covered entity would be at significant risk of being
accessed by unauthorized entities. Where risk analysis shows such risk to be significan

I'm not sure how HIPAA relates to a university email system, but it's taken pretty seriously in healthcare. HIPPA goes beyond technical requirements; it mandates policies and procedures to be in place to prevent inappropriate disclosure of PHI. The healthcare system that I work at prohibits patient identifying information from being copied or transcribed from the EMR. This includes email, thumb drives, grand rounds, competencies and education, and research. Penalties are severe, including termination an

HIPPA doesn't require that you use S/MIME or PGP or some other technology to encrypt the content of your mail at rest. But if you're transporting between systems, you need to ensure that privileged data is protected in transit. There are a variety of techniques that allow you to do that, with a range of advantages and disadvantages.

If you are dealing with confidential data, you should not be emailing it in plain text. EVER.

Serious question, as I'm not too much of a technical person. Since Gmail defaults to https, doesn't this protect the users from 3rd parties? Google can still parse the email obviously, but you do have *some* protection, no?

But on the other hand, people complain that schools are expensive and inefficient. The logical conclusion is to outsource non-core departments to the lowest bidder. Isn't that how the free market is supposed to work?

Oh wait, people complain about free markets if the free markets affect them negatively. I forgot that humans are not rational beings, and are instead illogical, petty and short-sighted. Libertarians included.

But on the other hand, people complain that schools are expensive and inefficient. The logical conclusion is to outsource non-core departments to the lowest bidder. Isn't that how the free market is supposed to work?

Oh wait, people complain about free markets if the free markets affect them negatively. I forgot that humans are not rational beings, and are instead illogical, petty and short-sighted. Libertarians included.

Assuming people put their money where their mouth is, the free market welcomes complaint. When there is a market, either existing companies will change in order to grab up that market or new companies will come up to grab that market. Now, if you are a market of one, expect to pay a lot more since you will be dealing with a custom solution. Don't blame the free market if the average Joe would get email by giving out their personal data than paying cash for it. If you can't get your college or email service

1) Email and file services, for a research university with a computer science program, is a core function.

2) Data and communications storage, retention, and management, for a research university doing anything at all, is a core function.

3) The assumption that outsourcing non-core functionality is always and automatically the answer to inefficiency is a mistaken premise. There is nothing inherent in outside providers that makes them capable of greater efficiency. Especially whe

Running email is a core function like running libraries is a core function, as they serve very similar purposes in a university environment.
And email isn't even close to done, cooked, finished, anyway. The problems of storage, access, indexing, delivery, scaling, privacy, interface, all of these are active fields of research and innovation. In fact, it is specifically Google's innovations in some of these areas (especially scaling at low cost) that make them attractive at all, so "done, cooked, finished"

Email, and to a large degree IT in general, has been this at universities since it was invented. So has, for that matter, a significant portion of the entire Internet (that portion of it run by universities). Why do you think most email technologies were developed in the first place (along with vast portions of the rest of the Internet framework)? So they could be used by the university in its research and teaching efforts. All along the way many of the most popular utilities, clients, storage technologies,

storage: Add more to the SAN, standard networking/deduplication applies.
access: this is a network/auth issue, irrelevant
indexing: what would email researchers do here that DB guys dont?
delivery:...
scaling: You arent going to get useful scaling data from running a Uni email system in the 21st century
privacy: some research could be done here, ill concede this one
interface : agreed, doesnt mean the Uni system has to run off it to develop an interface.

1) Email and file services, for a research university with a computer science program, is a core function.

No, it's not. We are a research university with a computer science program. CS has nothing to do with our administrative email (which we have also contracted out to Google, BTW) and file services. Nor should they. They have their own systems to do research on and should not be touching ours.

2) Data and communications storage, retention, and management, for a research university doing anything at all

"Google is mining all those accounts for data and showing ads."It depends on the agreement. You can get space from gmail where they don't do that. Last I checked was 50 bucks an email account per year. It's all set up to look like you're organizations system.

Because in most cases, Google is mining all those accounts for data and showing ads.

No, Google Apps for Education has no ads. And Google also claims not to be mining your data for advertisement purposes (although, they claim it is just mining your data for spam/malware, documents so that it can send you to Google Docs, calendaring items so it can send you to Calendars, etc.)

Of course, the real problem is that this second claim of theirs, that they're not mining student's data for advertising, can not be verified. And considering what happened with the recent wifi FTC incident, it's very po

Because in most cases, Google is mining all those accounts for data and showing ads. In some cases, students may be involved with research that includes confidential data. Google does not provide guarantees that they won't mine/archive or protect that data in accordance with laws/regulations surrounding that data.

The Google Apps Terms of Service contractually ensures that your institution (or students, faculty, and staff) are the sole owners of their data.

No advertising to students, faculty, or staff. We offer Google Apps for Education to schools for free. It's also completely ad-free -- which means your school's content is not processed by Google's advertising systems.

We don't look at your content. Google employees will only access content

It's not about being forced to use a specific email account. It is about handing the entire store of all academic, personal, and often confidential-by-law communications to a for-profit corporation whose business is data mining. We should be moving away from giving ownership of all our data to others, and universities should be at the head of that charge, not pushing people in the opposite direction. They should be seeking to protect the identities and private information of faculty, staff, and enrolled stu

As an employer there are laws on data retention, so faculty and staff e-mail has to be retained for legal purposes.

At this point I think it's foolish for students to expect e-mail at school to remain unarchived. Both free and paid private e-mail services are available all over the place.

As an employee I use work e-mail for only work-related purposes. Nothing private. In college this would be a good lesson for students to learn- use academia e-mail for "work" related purposes, as they'll have to do in their professional lives later.

Last I checked, it's possible for Google's mail to use SMTP and POP3. Whether or not the institution chooses that is not the same as it being impossible or even difficult to implement. We use Google for our e-mail at work, with our own domain, etc, and we have SMTP and POP3 enabled.

Normally, Google is the service provider. Which means if they get a warrant, or a subpoena, it goes to Google, and Google can answer it however they want or are required to. For example, with some warrants, Google would be forbidden from notifying the university about the warrant, and even when Google can, they are an intermediary that gets in the way.

By making Google a school official, such warrants and subpoenas go DIRECTLY to the University's attorneys. Berkeley's outsourced-to-google mail system has the same basic language from what I understand.

Where I work we are a service provider for court public records, and are legally an agent of the court for exactly the same reasons. It allows any lawsuits or what have you to be directed to the court as opposed to us. If the court screws up, and makes some information public that shouldn't we do our best to correct the issue, but in the end it's the court's fault and not our own. We even have to be careful in how much help we give them in setting up what data they show, we can't direct them at all or it could make us liable for their bad choices. We can tell them what the majority of our other courts do in similar situations, but even that is a stretch.

1. Google in in a contract with the university that sets out exactly what Google can and can not do with the data. If they break that contract they will be sued and lose. It is not in a companies interest to leave themselves open to litigation and large judgments.2. The "school official" phrase has a few implications;
a. Subpoenas can go to the school instead of Google
b. Teachers are required to post all correspondence on Gmail for retention purposes.
c. IT is only required to support GmailMany universities are trying to cut IT budgets and one of the best ways is to outsource email. One of the biggest failings in the critics is that they offer no alternative. It is very easy to be an obstructionist and much more difficult to solve the issue. No matter what provider was chosen there would always be a few people who object to it and/or the process that came to the solution. For example one of the criticisms is that the comment period was too short at a couple of months and people did not have sufficient time to comment. If that period was extended to say six months there would be people criticizing that such a simple decision should not take so long and the university was wasting time and money. It is impossible to please everyone.

The "lack of consultation" issue is yet another example of what is called the "outhouse principle". It goes like this; When a huge complex project is proposed, say a power plant, where non experts do not have enough knowledge to understand the detail the approval process goes quite quickly as almost all comments are "yes" or "no". When a smaller project, such as an outhouse, is proposed everyone can understand how one is built and want to comment on every little detail of construction; what shape hole in the door(round, moon, star?), dimensions of the door, which way the door swings, how much ventilation room under the door, etc. The approval process for a simple project can be longer than a complex project.There is no reason for everyone on campus to debate this issue until everyone is satisfied. It is a decision by the IT department who made it based on their experience and requirements. Does everyone comment when the chemistry department changes their chemical supplier? Does everyone comment when administration changes their paper supplier? Just because people think they should be able to have a say in matters they think the know about does not mean they really should.

At least the Berkeley agreement, from what I understand, is basically "Google won't datamine the EMAIL/Documents while students are still students and for 6 months afterwords, and during that time the web interface doesn't display adds".

This does NOTHING to prevent the rest of Google's horribly intrusive datamining and associating that information with student identities when the students use the Gmail web interface.

That policy is overridden by the contract with UCSD. Why was it shown to you? Because you ate using a standard Gmail interface that can not identify which contract you are subject to. Does UCSD have a portal like the Univ of Hawaii [google.com]? Using that portal may solve the browser data mining issue.

1. Google in in a contract with the university that sets out exactly what Google can and can not do with the data. If they break that contract

no one will probably ever know, unless they do it in some very blatant way.

Also, "they" might not be Google as a corporate policy. It might be individual employees. It might be the future owner of Google assets if a few stupid decisions bankrupt it or cause it to break up. There are lots of reasons to be skeptical of promises of privacy, and this is a different sort of deal than changing chemical or paper suppliers. This is handing over, if I'm a student, faculty member, or administrator, my personal and s

It might be individual employees of the university run mail system. What makes Google employees any different than University employees?

Accountability to the university.

It might be the university attempting to make money by selling the information. Any future owner of Google, if theat ever happens, would still be bound by the contracts signed by Google.

Sure you can come up with scenarios that can cause issue. The point is that these scenarios apply to any entity that handles the university's email be it Google, the University or another provider.

No, they don't all apply in the same way. The university is probably long-lived in comparison to any of its technology vendors, and its interests do not coincide exactly with the interests of outside vendors. And a service provider bankruptcy, company split, spin-off, or acquisition is likely to be something of a free-for-all, with nobody ever even knowing where everything went or able to force any action of any sort. Just try going and enforcing the contract that says they

There is no inherent reason why an outside provider for something like email has to be cheaper in any significant way for a client the size of a major university. And I'm not making any assumption about incompetent IT professionals- I think you're making an assumption that it was IT professionals at all, rather than business administrators who have made this decision in most universities.

Here is a quote from the article refuting both your points.;"UH Information Technology Services specialist Osamu Makiguchi counters that thousands of schools across the nation already have opted to outsource email, and most of them have selected Google Education Apps, a free service that has the potential to save UH “hundreds of thousands of dollars,” Makiguchi wrote in an email." SO an IT professional in UH is touting hundreds of thousands of dollars in savings.

Just try going and enforcing the contract that says they need to archive your data, do so securely, and make it available to you when there are no employees left.

Is it really free to UH? Someone said something about free up to 5000 users, which I can't imagine covers this case.

If there are no employees than there is no one to use the data. Another point is that, depending on the contract we have never seen, the data may have to be destroyed if ownership changes.

Sure there is: whoever walks off with the hard drives at the end of the day. Good luck tracking down who has physical control over everything and verifying somehow that all the data was securely wiped (much less actually getting a copy) when your only access is through a bankruptcy trustee or a few remaining or former employees who may have legal reasons to avoid saying much.

How ias an employee who is accountable to a university different from an employee who is accountable to Google who is accountable to the university?

1. It's too open to issues: security, privacy, conflict-of-interest, reliability, etc. Everyone knows
(or should know) that Google's and Microsoft's and Yahoo's mail services are "loss leaders": they
exist only (a) to drive customers to products that make money and (b) to monetize as much private
information about users as possible. That's why it should surprise nobody that the latter two are
absolutely hideous: completely overrun by spammers years ago -- and the former muddles along
at a minimally accep

But it's still cheaper and easier to use google apps. Especially when the premium services are provided free to educational institutions. If Google screws up, it does not neccessarily mean you're at fault either.

(a) No, not if you have competent IT staff, it's not and (b) should universities REALLY have email
service provided by the lowest bidder?

With respect to (b), email has been an integral part of campus communication systems for 20+ years.
It carries everything from class assignments to administrative discussions to sports chit-chat to
well, EVERYTHING else. It's a key part of the function of the university by now, and because it is,
much of what it c

But it's still cheaper and easier to use google apps(a) No, not if you have competent IT staff, it's not and (b) should universities REALLY have email service provided by the lowest bidder?

Google Apps for Education is free. Free as in $0. It is, by definition, cheaper than anything involving local personnel. Unless you want student volunteers managing e-mail, and even then you've gotta pay for hardware.

You can say that going with Google Apps is penny wise, pound foolish, but it's not your decision. Coll

With no single cent spent at all on the service by the university, I find it hard to believe the same can be accomplished using the university's staff.

(b) should universities REALLY have email service provided by the lowest bidder?

To be fair, you'll be hard to find a provider that is the capability to constantly deal with increasing capacity, needs, functionality that is as reliable to Google. Now, considering Google is also cheaper than all the alternati

Your scenario is not always plausible. Small private universities and rural state run universities may not have the required budget to acquire properly trained or capable personnel to implement and maintain your solution.Would you perform the tasks you describe for an annual salary of $35,000 to $45,000 with at most two people handling implementation, support and maintenance? Would you move to a small 10,000 person town that is at least 100 miles away from any metropolitan area to take that position? That

I'm on the faculty committee evaluating this option for my small liberal arts college. For us, it's a no brainer:a) We get a significantly better user experience than our existing software. You call Google "minimally acceptable quality", but its availability, user interface, storage, spam filtering, and speed are significant improvements over what we have. You might be able to install a homegrown service that's better than Google, but we can't afford to hire you. The administration is asking our IT depa

Google apps "for education" and "for non-profits" are different packages. The university package is completely free regardless of user base. "For non-profits" is free below 3,000 accounts and has a 40% discount above that limit.

Which in all likelihood will be spent on some proprietary software package that most students will never benefit from. Meanwhile, students are at the mercy of Google when it comes to feature changes, compatibility, and even getting to keep their email account (which at least here Google can terminate on its own if they want).

Don't be silly with all your talk of ONE institution with too much power and an overly centralized failure point of both service and security. There are TWO such institutions, you're forgetting Facebook as they control, own, and mine the other half of Internet communications.

Well, one cannot prove a negative, but look at this:http://www.google.com/apps/intl/en/edu/privacy.html [google.com]which includes the statement:No advertising to students, faculty, or staff. We offer Google Apps for Education to schools for free. It's also completely ad-free -- which means your school's content is not processed by Google's advertising systems.